This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How can I Import CA Certificate into a new user profile when it's created

  • 2 replies
  • 1 has this problem
  • 5 views
  • Last reply by cor-el

more options

I need to deploy a CA Root Certificate to new firefox user profile when it is created in windows. I Seen somewhere that you could place a working copy of cert8.db in %programfiles%\firefox-installation-folder\defaults\profile and this would get added when a new firefox profile is created. However, the profile directory doesn't exist in the defaults folder and when I created it this method still didn't work. Is there a way to get firefox to create new profiles with preconfigured Certificates? Right now when new users open firefox for first time it is unable to connect to any SSL sites through our proxy server until the user adds the proxies ca certificate or it gets added later via logon script (at next user logon).

I need to deploy a CA Root Certificate to new firefox user profile when it is created in windows. I Seen somewhere that you could place a working copy of cert8.db in %programfiles%\firefox-installation-folder\defaults\profile and this would get added when a new firefox profile is created. However, the profile directory doesn't exist in the defaults folder and when I created it this method still didn't work. Is there a way to get firefox to create new profiles with preconfigured Certificates? Right now when new users open firefox for first time it is unable to connect to any SSL sites through our proxy server until the user adds the proxies ca certificate or it gets added later via logon script (at next user logon).

All Replies (2)

more options

Update... For anyone looking for a similar solution:

I ended up adding more to my logon script I have it check for a user's mozilla profile first and if not found it will use command line "firefox.exe -createprofile default" to make one. After that I just copy a working cert8.db to that new profile. Then when the user opens firefox for first time, it will detect this new profile, and it will load it along with the correct CA Certs intact...

Also, for existing profiles my script just uses nss certutil to add my proxy CA Certificate to the users profile cert8db.

Modified by toy4x4

more options

The folder needs to be \browser\defaults\profile and not \defaults\profile. See:

You can initialize a profile by creating a \browser\defaults\profile folder in the Firefox program folder (C:\Program Files\Mozilla Firefox\) and place files like a user.js or a bookmarks.html file in it.

  • C:\Program Files\Mozilla Firefox\browser\defaults\profile